Attack Computer Wiz

A Security & Technology Weblog

I collect swag, I will not deny it, actually I challenge myself to see how many t-shirts, flashlights, mugs, and other goodies I can pick up at the events I attend. (See our RSA 2010 photos on our Facebook page) For me, and many others, the best and most useful piece of swag you can score is a thumb drive. Once upon time it was 64mb or 256mb if you got lucky. Then came the 500mb and the 1gb. Now it is not uncommon to snag a 2gb drive. To my left I have a plastic bowl half full of thumb drives I have collected over the years.

I wonder though; Does the average person think about what may be launching from that drive that they pick up at some expo? Or heaven forbid pick up in the Taco Bell parking lot!

Before you go and plug that device into your computer you may want to keep some things in mind.

  1. Do you trust the person or company that gave it to you?
  2. Are you sure that they have not installed some malicious software on it that could gain access to your computer?
  3. Did some other person drop a drive into the bowl with the legitimate drives?
  4. Did you pick it up off the floor or parking lot?
So should you say "no thanks" when offered that free drive or just step over the drive laying on the ground? By all means, NO! But you do need to ensure that you are not putting yourself and your systems at risk. To help protect yourself I recommend:
  1. Insert the device into a system running Linux, Ubuntu, or Mac OS. These operating systems are less popular then Windows and therefore are less targeted my malicious coders.
  2. Once inserted, scan the files with a reliable anti-virus/anti-malware product.
  3. Preform a complete format of the device erasing all data.
  4. Disable the "Auto-Play" feature that is built into your Windows system. (How to)
  5. You may also want to disconnect the system from the network first in order to protect other systems.
If you are still not comfortable, just ship the drive to me and I will add it to my bowl.

    user Posted by John "Mike" Wright

    | More


    Post a Comment